From c05d4ff4d1c5f5eb61b92fb7fff8f667aa0c9b40 Mon Sep 17 00:00:00 2001 From: onefang Date: Mon, 20 Jul 2020 22:34:32 +1000 Subject: If a thing is untested, mark it as so. --- apt-panopticon.lua | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'apt-panopticon.lua') diff --git a/apt-panopticon.lua b/apt-panopticon.lua index f166819..d8ee95b 100755 --- a/apt-panopticon.lua +++ b/apt-panopticon.lua @@ -290,6 +290,11 @@ checkHEAD = function (host, URL, r, retry, sanity) IP .. ' ' .. '-o /dev/null -D results/"HEADERS_' .. fname .. '" ' .. hdr .. ' -w "#%{http_code} %{ssl_verify_result} %{url_effective}\\n" ' .. PU.scheme .. '://' .. host .. PU.path .. ' >>results/"STATUS_' .. fname .. '"' ):Nice():log():Do().status + if 0 < r then + APT.tested(PU.scheme, 'Redirects', host) + else + APT.tested(PU.scheme, '', host) + end local code = "???" local cstr = "" local location = nil @@ -359,14 +364,15 @@ checkHEAD = function (host, URL, r, retry, sanity) if (pu.host == APT.options.roundRobin.value) and (nil ~= PU.path:find('merged/pool/DEVUAN/')) then E('DEVUAN packages must not be redirected to ' .. APT.options.roundRobin.value .. ' - ' .. APT.lnk(URL) .. arw .. APT.lnk(location), PU.scheme, 'Redirects', host) end - if ('http' == location:sub(1, 4)) and (pu.scheme ~= PU.scheme) then -- Sometimes a location sans scheme is returned, this is not a protocol change. - if APT.testing("Protocol") then + if APT.testing("Protocol") then + if ('http' == location:sub(1, 4)) and (pu.scheme ~= PU.scheme) then -- Sometimes a location sans scheme is returned, this is not a protocol change. if APT.options.roundRobin.value == host then -- Coz HTTPS shouldn't happen via the round robin. E(spcd .. spcd .. "Protocol changed during redirect! " .. check .. " " .. APT.lnk(URL) .. arw .. APT.lnk(location), PU.scheme, "Protocol", host) end W(spcd .. spcd .. "Protocol changed during redirect! " .. check .. " " .. APT.lnk(URL) .. arw .. APT.lnk(location), PU.scheme, "Protocol", host) else end + APT.tested(PU.scheme, 'Protocol', host) end if location == URL then @@ -402,6 +408,7 @@ checkHEAD = function (host, URL, r, retry, sanity) I(spcd .. spcd .. "Now checking redirected host " .. u .. '   for   ' .. APT.lnk(URL) .. arw .. APT.lnk(location), host) APT.exe(downloadLock .. "REDIR-" .. check .. ".log.txt" .. " ./apt-panopticon.lua " .. extraArgs .. ' ' .. pu.host .. "/" .. path .. " " .. file):Nice():log():fork() D(spcd .. 'logging to ' .. APT.logName(pu.host, nil, file)[2]) + APT.tested(PU.scheme, 'Redirects', host) end end elseif nil ~= PU.path:find('merged/pool/DEBIAN-SECURITY/') then @@ -417,6 +424,7 @@ local checkTimeouts = function(host, scheme, URL) URL = URL:gsub("/", "///") URL = URL:gsub("///", "/", 1) checkHEAD(host, scheme .. "://" .. URL, 0, 0, true) + APT.tested(scheme, 'URLSanity', host) end if nil ~= cor then D('*>* About to resume coroutine after checkHEAD(' .. host .. ' , ' .. scheme .. ' :// ' .. URL .. ')') @@ -700,11 +708,13 @@ local parseDebs = function(host) if sha ~= fsha:sub(2, -2) then E('Package SHA256 sum mismatch - results/' .. host .. "/merged/" .. p, 'http', 'Integrity', host) end -- TODO - maybe check the PGP key, though packages are mostly not signed. end + APT.tested('http', 'Integrity', host) end if APT.testing("Updated") then if sz ~= fsz:sub(2, -2) then E('Package size mismatch for ' .. host .. "/merged/" .. p, 'http', 'Updated', host) end + APT.tested('http', 'Updated', host) end os.execute('rm -f results/' .. host .. "/merged/" .. p) else @@ -839,6 +849,7 @@ local parseRelease = function(host) " results/" .. host .. "/merged/dists/" .. n .. '/' .. o:sub(1, -5)):Nice():noErr():log():Do().status if 0 ~= status then E("GPG check failed for " .. host .. "/merged/dists/" .. n .. '/' .. o, "http", "Integrity", host) end -- TODO - should check the PGP sig of InRelease as well. + APT.tested('http', 'Integrity', host) end os.execute('rm results/' .. host .. '/merged/dists/' .. n .. '/' .. o) end @@ -885,6 +896,7 @@ local parseRelease = function(host) else updated = true end + APT.tested('http', 'Updated', host) end end -- cgit v1.1